Others deliver platforms.
We find the attacks.
We are SEC.ONE -- a Threat Hunting solution using NetFlow and WebProxy telemetry in the Cloud.
We find the needle in the haystack by highlighting the most critical alerts, and we optionally provide Professional Investigation Consulting, protecting both your users and applications.
Use our free and powerful app to assess the security posture of your network from anywhere in the world.
Full-service onboarding takes just 5 minutes.
Many cybersecurity solutions prioritize a visually appealing user interface and platform design rather than focusing on effectively identifying and addressing the most critical security events.
App Features
Our app is constantly growing; here is a list of its most common features.
Demo, Freemium, Premium
You can start with Demo to try out the app's features, then register and move to a Freemium subscription, where you can use your own NetFlow and WebProxy data. You can upgrade to Premium when needed and cancel at any time.
Easy Onboarding
Our cloud-native Software-as-a-Service app is globally accessible and can be used without any installation on the customer's network. We support networks of any size and offer easy provisioning that takes less than 5 minutes, with no need for additional equipment.
Security Monitoring
Analyze NetFlow and WebProxy telemetry in real time to identify and respond to threats in a timely manner. Monitor network activity quickly and easily from a mobile device and stay informed about potential threats while on the go.
Top 3 alarms weekly
The top 3 alarms are selected manually each week by the investigators out of all critical alarms. They should be of primary concern.
Investigations
We provide an easy way to help you start investigating security threats. Our SOC team is on Slack 24/7 updating you proactively with all the attacks we detect.
How Does It Work?
Step 1. Install the app
Go to the Google Play store or the Apple Store, search for the SEC.ONE Threat Hunting app, and install it. Set up a new PIN to protect the app and use it for the first login.
Step 2. Play with the app
Demo mode is enabled by default so that you can see what we offer and play with different features of the app.
Step 3. Register as a new Tenant
To start using the app with your own NetFlow/WebProxy data, you must first register as a new Tenant and provide us with the public IP from which you will be sending your NetFlow or WebProxy logs.
Step 4. Provide your API Key
After successful Tenant registration, you will receive an individual API Key by email. Copy it from the email and paste it into the app under Settings > API Key.
Step 5. Buy Premium subscription if needed
You are now a Freemium user. That means you have access to all features of the app, but you're still limited in the number of flows and alarms that can be generated. You can upgrade to Premium to get higher limits and investigation capabilities.
Step 6. Premium Tenant
If you buy our Premium license you have access to additional app capabilities such as investigation services.
Step 7. Viewing Alerts
Click the Critical button to see all critical alerts that we identified. You can press any alert to view its details.
Step 8. Investigation Panel
From the Alert Details screen, you can start an investigation with Cisco TALOS or VirusTotal, or ask us to help you with the investigation. After investigating, you can take an action such as 'Whitelist IP' or 'Blacklist IP'.
Step 9. Additional alert details
By clicking an icon next to the individual event, you can see more information such as a timestamp, severity and number of bytes.
Step 10. Alert status management
You can also manage an investigation status directly from the app.
Step 11. WebProxy Alerts
You can use a similar process to investigate WebProxy alerts. Here you'll see domain/URL information, not only the IP address.
Step 12. URL/Domain Investigation
You can click an individual event to start investigating it.
A few examples of attacks detected by us and confirmed by our customers
- Infected Android phone detected calling C&C in China.
- Russian spam network exploiting an incorrectly configured Exchange server that allowed spoofed emails to be sent to anybody in the company.
- Datacenter staff sending traffic out via Ghost VPN (bypassing security controls).
- Campus users connecting via TOR (bypassing security controls).
- Network device with default SNMP credentials exposed to the Internet (and exploited by a host from China).
- User attempting to access a webpage associated with a phishing campaign.
Any questions?
Check out the FAQs
After you register as a new Tenant, we will use your name, company name, email address and IP address to provide our services. No other data, including credit card number or address, is processed or stored by us.
If you want to delete your account permanently, please contact us using the app contact form or the button on the left.
For EMEA customers
We are GDPR compliant (and your data is stored in EMEA cloud)
We store your data in the AWS cloud and protect it using AWS infrastructure security.
Remember that we’re only using NetFlow telemetry data, so no data payloads are sent.
We store NetFlow data for a period of 7 days and then delete it permanently.
You can use our App for FREE as long as you do not cross the limits. For example, if you’re a Freemium user, the following limits apply:
- number of Flows analyzed per day = 500k
- number of Alarms per day = 50
- number of paid Investigations = 1
- best effort support
If you need more than this, please consider subscribing to our Premium plan. You can check the current cost of the Premium service within our app.
We are partnering with Stripe to provide easy and secure payment options for customers all over the world.
This means that we do NOT process your payment or store any of your payment data. Everything is transparent and handled by Stripe.
We are happy to see you using our app and even more happy to hear that you like it a lot.
We’re constantly working on new features and, guess what, you can fully participate in that process. We offer our customers a Feedback and Roadmap page, where you can provide ideas and vote for features that you wish to see in the app.
Also, feel free to contact us if you have a special wish 🙂
No worries at all!
We’re NOT storing your PIN! The app stores it locally.
To reset your PIN, simply remove the app from your mobile device and then reinstall it. You will then have the option to create a new PIN.
Remember that the app will be reset to Demo and you need to re-apply your individual API Key to restore your Tenant’s data.
Company Info
SEC.ONE Sp. z o.o.
ul. Długa 29
02-238 Warsaw